Project-09: Deploying a Secure AWS Architecture with CloudFormation

This architecture includes:

  1. A public EC2 instance running Apache, accessible via the internet.

  2. A private EC2 instance with Git installed, accessible only through the public EC2 instance.

  3. NAT Gateway to enable internet access for the private instance.

Step 1: Writing the CloudFormation Template

    You can download the YAML file [here]

     AWSTemplateFormatVersion: '2010-09-09'
     Description: >-
       CloudFormation template to create a VPC with 1 public subnet with 1
       EC2 instance with Apache and make sure the website is working on its public IP.
       Then create a private subnet with a NAT gateway and create a private server and install Git using UserData.
       SSH to the private server to make sure Git is installed.
    
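The downloadable template is not reproduced on this page. As an added illustration (not the project's own file), these are the security-group and routing resources that enforce the design above: SSH to the private server only from the bastion's security group, and the private subnet's default route through the NAT gateway. It assumes the VPC, subnets and NAT gateway are declared elsewhere in the same template under the logical names MyVPC, PrivateSubnet and NatGateway, and that the SshAllowedCidr parameter is set to the administrator's own address range.

```yaml
# Added example, not the project's template. MyVPC, PrivateSubnet and
# NatGateway are assumed to be declared elsewhere in the same file.
Parameters:
  SshAllowedCidr:
    Type: String
    Default: 203.0.113.0/24   # placeholder (documentation range); use your own admin range
Resources:
  BastionSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Public web server / bastion
      VpcId: !Ref MyVPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0            # Apache reachable from the internet
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref SshAllowedCidr  # SSH only from the admin range, not 0.0.0.0/0
  PrivateSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Private Git server
      VpcId: !Ref MyVPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          SourceSecurityGroupId: !Ref BastionSecurityGroup  # reachable only via the bastion
  PrivateRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref MyVPC
  PrivateDefaultRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NatGateway    # outbound only; the NAT gateway accepts no inbound connections
  PrivateSubnetRouteAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnet
      RouteTableId: !Ref PrivateRouteTable
```

Attach BastionSecurityGroup to the public instance and PrivateSecurityGroup to the private one; no route to the internet gateway exists in PrivateRouteTable, so the private instance has no inbound path from the internet.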

Step 2: Deploy the CloudFormation Stack

  1. Upload the Template: Go to the AWS Management Console:

    • Navigate to CloudFormation > Create Stack.

    • Upload the template and provide parameters like CIDR blocks and key pair name.

Step 3: Access the Public EC2 Instance

To access the public EC2 instance:

  1. Ensure SSH is enabled in the public instance's security group.

  2. Use the following command from your local machine:

     ssh -i "<key123.pem>" ubuntu@<Public_EC2_Public_IP>
    
  3. Verify Apache is running: Open a browser and enter the public IP of the instance:

     http://<Public_EC2_Public_IP>
    

Step 4: Accessing the Private EC2 Instance via Public EC2

Since the private EC2 instance is in a private subnet, it’s not directly accessible from the internet. You’ll use the public EC2 instance as a bastion host to connect to the private EC2 instance. Here's how:

Steps

  1. Copy the Key to the Public EC2 Instance

On your local machine (Git Bash/PowerShell), copy the private key (key123.pem) to the public EC2 instance using the scp command:

        scp -i "<key123.pem>" <key123.pem> ubuntu@<Public_EC2_Public_IP>:~/
        chmod 400 <key123.pem>

Replace <key123.pem> with the path to your private key file.

Replace <Public_EC2_Public_IP> with the public IP address of the public EC2 instance.

  2. SSH into the Public EC2 Instance

     ssh -i "<key123.pem>" ubuntu@<Public_EC2_Public_IP>
     ls
     chmod 400 <key123.pem>
    
  3. SSH into the Private EC2 Instance

     ssh -i "<key123.pem>" ubuntu@<Private_EC2_Private_IP>
    

Verify Git Installation

Once logged into the private EC2 instance, confirm Git is installed:

        git --version

Alternative: Using SSH-Agent for Accessing the Private EC2 via the Public EC2 (Bastion Host) on Windows

  • Steps on Local Machine (Git Bash)

    Add your private key to the agent:

      eval "$(ssh-agent)"
      ssh-add <your-key>.pem
    

    Replace <your-key>.pem with the path to your private key.

  • Verify the loaded key:

      ssh-add -l
    

    This lists the identities added to the ssh-agent.

  • SSH into the bastion host with agent forwarding:

      ssh -A ubuntu@<public-server-IP>
    

    The -A flag enables agent forwarding, allowing you to use the private key on the bastion host.

  • SSH from the bastion host to the private server:

      ssh -A ubuntu@<private-server-IP>
    

    Agent forwarding allows you to connect without copying the private key to the bastion host; the key stays on your local machine and only signing requests are forwarded.

Final Step: Clean Up

After successfully deploying and testing your infrastructure, it’s important to clean up the resources to avoid unnecessary costs. Here’s how:

Delete the CloudFormation Stack

  • Navigate to the AWS CloudFormation Console.

  • Select your stack and click Delete.

  • AWS will automatically delete all resources created by the stack, such as the VPC, elastic IP, subnets, EC2 instances, NAT Gateway, and more.